IETF Logo Mail Archive

Re: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part testing

Magnus Westerlund <magnus.westerlund@ericsson.com> Wed, 03 April 2024 13:35 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: tsvwg@ietfa.amsl.com
Delivered-To: tsvwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 050E0C151073 for <tsvwg@ietfa.amsl.com>; Wed, 3 Apr 2024 06:35:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.077
X-Spam-Level:
X-Spam-Status: No, score=-2.077 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.08, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0QWTY3jofZeG for <tsvwg@ietfa.amsl.com>; Wed, 3 Apr 2024 06:35:13 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-he1eur04on2122.outbound.protection.outlook.com [40.107.7.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 12122C14F5FE for <tsvwg@ietf.org>; Wed, 3 Apr 2024 06:35:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lejgay89owgNiqbzmF4bCit0XAhXpXzsqoHZH2AGaArSykKEGgzkTXUXHRLbE8qNNUt6FxikfJA/8F8ekucrkCpLRZm0hKo0YLrxPllFF3SjekAEHDwoqbFgO0f95wMhm7PARmBZzGUoOBt5gk4VyN7aLXKRiuW7VLjDxJKFuwKyjBWFYRTeGN/3RX3diBXfVs4vGqgQgtJe55pK+6lmwJ6UvDDlmIc4cmd8Hnu487tRA3FhoCbVJZUruXVoLebCwdksz+2mypy6+sww+5xm2mzmyIGnMz/HU8GjvE55kOYs+MGjy2UNGccF5cxQ2c7FSzI4ptWfigVdDU7UIpqxOA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ti8iiP1yYT2yLB9WckLfqQUe3ICk4sFfy+cObEYULLo=; b=PiXI3Z6fiIj0HCG7iWu/iS94RazwdTGYSkH2qnRTX3+0eruyapqTplqXJeyH6vva9pkIAAYarvF1OKJkBNZJ4L57Lqy63e7NRKsGPKaLmsX+2pMXkBPnATbUDtqagkd1cRu5mgoYMFk6QU5udOxWADY9D4CIhP/TPofUBX/8FpJ+LDXHeBf8pYGtrry3b5s4puVIWTS+KpBjo/exfa1hHAy9wC0IvqKEZLjWHK4RIugHSxHrmPkM2GdVq7wSBBg2P0yKiMSFMnw8dKZfFsx57ybSOq2VyZykGjTJ+2nzCIsvJxDpMFFMrZuTplPTMeGCfyQ/lHPCfUSxv7G9PENXFQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ti8iiP1yYT2yLB9WckLfqQUe3ICk4sFfy+cObEYULLo=; b=oscznv5EgwrJlFSF5EH9+Dj36SykYbZNZ7VMVoVwN+lJWpuloR/GbhhOTlakq0FYUG1u6ZU4/3uT6vPNuoqlRR6QgV4Mjj8+jjDLWWBWzUFzzy/+2pY3yR7h5NK+UgCExRd4+uLKpSvoXiZ6eZXGs4LRdO3lQnVxVj1Krr6zDhVGaEOjQyHHZlGnrhvvB6HwXpRANElqHChSySoM6UyJAalsT9uxwbTqqa9TFcAQT5tabL+vmuKgTpmEg/Va9Ya8h8pGK6mPVDhTcRAmhZ6eMBbpG8J1uuagniduYG0+gK8RzYAhHXhGzc0KpB2lLx+Qm2meaS5QxVA1SdxoxHGddQ==
Received: from AS4PR07MB8874.eurprd07.prod.outlook.com (2603:10a6:20b:4f5::6) by AM8PR07MB8122.eurprd07.prod.outlook.com (2603:10a6:20b:36d::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.46; Wed, 3 Apr 2024 13:35:08 +0000
Received: from AS4PR07MB8874.eurprd07.prod.outlook.com ([fe80::c104:41bd:ac71:7b13]) by AS4PR07MB8874.eurprd07.prod.outlook.com ([fe80::c104:41bd:ac71:7b13%4]) with mapi id 15.20.7409.042; Wed, 3 Apr 2024 13:35:08 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: Michael Tuexen <michael.tuexen@lurchi.franken.de>, Claudio Porfiri <claudio.porfiri=40ericsson.com@dmarc.ietf.org>
CC: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>, tsvwg IETF list <tsvwg@ietf.org>
Thread-Topic: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part testing
Thread-Index: AQHaeLt22oirLS45zEmJOmpSGUSmNrE9F2MAgAAJB8OAADc+AIAG9k6AgAW9RQCAAAF0IIAAGfwAgAx796Y=
Date: Wed, 03 Apr 2024 13:35:08 +0000
Message-ID: <AS4PR07MB8874494E83957A187EA0D5ED953D2@AS4PR07MB8874.eurprd07.prod.outlook.com>
References: <AS4PR07MB887498E4AFC609054B074A40952E2@AS4PR07MB8874.eurprd07.prod.outlook.com> <DEB2D70D-C457-4D79-9BED-95582E993B2C@lurchi.franken.de> <AS4PR07MB88744D44D4FC22A4A364EA5D952D2@AS4PR07MB8874.eurprd07.prod.outlook.com> <54EF29EA-B0B4-43E8-A930-B209C99545A5@lurchi.franken.de> <Zf33tSHk3pL0yPJP@t14s.localdomain> <B06B8274-7085-4743-9967-801F4FAA4397@lurchi.franken.de> <PA4PR07MB756833BCA44127BC8798710487352@PA4PR07MB7568.eurprd07.prod.outlook.com> <828FD33D-E4C0-4E16-BA61-FEB962A41BA1@lurchi.franken.de>
In-Reply-To: <828FD33D-E4C0-4E16-BA61-FEB962A41BA1@lurchi.franken.de>
Accept-Language: en-US, sv-SE
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: AS4PR07MB8874:EE_|AM8PR07MB8122:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: XNBO7n+/3JDoiTjUqTvUHBFgNrw+1wxLSpcKmnjATjbWT0lN3d2IYc8LSVQpn48stVgbKxZcf9QCbUX8QAChNeQzzLTIDezn/wQa0P0PxhZx08znR0tBwhhHtXG3De6sAvyKBEqD7TMt7eM0cDyZVZSwqIIl+/++2oDkj3JZ00icvOiVYopgMO2huYjcOWzrniKDs/2wPEi2wpwrFtJb0DDAekY9vwzeDDQ6FxnNoaewGrJYSiGGhmiX3p9NbMLOD8fVzaGgSnJaWad5x36Ta1pmavUn1rZePzry/e5Ornqo2sEVJUMZy43P+KXchEVsyaaler5wRXCHlHFU7rUHy46SluaBGcHRNnDJsW5HQQi3GlaEKAgzhyWE1+bzaqsU0iaxzOe3GEV1JO+JNGlqw4pMp7Pwshx47lpP05/JkjKnLTTgw0cdrYC5k/ITM8RfTBlGw1LFNNdZJYl7C6sqWpbNAxUl3vDT7bfWKMtIVoc+M+Vls5U60r1cMVsC7RWmaB4gs01MYCLRB5Hl4E6Z/u2J6V/76EXs0ncU2cni6Kq2JzhMEmJKE+zUCJXAQw/Ait+8+ShY+S1EqNIP8LW6yR8hbPFfOqk8LixTdI7oJ1E=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AS4PR07MB8874.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(1800799015)(376005)(366007); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: iw3jfIOn+h3ZTtsU58g3G7neN2nBaE/MsCB6fpEmQWiM2JnGIDS/P+PZKWaBoI/80U/kgNkcw6IhGLwcwx4rjTdlHTI1xzdg8ubVNJIxM7mPgUtb3Ao5vdfXBZgfGBITYL5aTBQFEikXCE8emgpQP29AiHpziIts/PC6U1FA6y1kRTIMtMqy9jAhJGAmSMsp3HPhV6I0tvxOIDAPK3FAeK8WxpeukaPxvQVFMDPOka80UXKaLtohxOV1EFfZFBvd8DZ8hmfS+wtJUZTpJnH7aJqmo3/iR5Foyu5lNXmIhZN/qtPb8QRypIMS25p1VEVt0p9S4UyopTXgspr0vYwHkvRAGveHRGW4TrPF9pZCdqyCU5/4JiVaysw5BVveVTdCwCRRbrCv2CmCIbIZI0dGADNWQDfOQ6U0PsdveCYPQrTXkTUJpjFCDtyvkyi7YT/Vjn4w0fov7CK4a08bVajZFZS/0CurAjK8fyCHdb8qr+KMSQO63KqonXxHwAhB+gzT6DTOUZ1+deCAZWpTDPCtqDguouRddbFdCy2WjCmYj7oilMmK78aQqjD8eybXwXokH25H44qyh+KYq2Nyb9073Tpz9NgUymElyNFO9GPw/vgi7x1dHE+sHTVrWQ9Topzd7XhymlbD2OaUSwOGW7ucAIjrXnkD2dUZsysLxk0vDgacCU4uHF9vCSQ3/XmedKHEBRdVIjB2vHyei6yMqMUa71KGtkV7B72d83qP+dHSheD6eCbrPaXZCRQEAx8l7CZNTpm+Ib39kdwiX+jCeA94ta1uJwf3AS6FM+CqS/3fZTDO66tEflrIqpmzG6DjqxGN8miCp5g8BtSrlL5FWolTSeEHvPiM9Jezq40psvpZydqTPCX7WxUYqySslmLKGPPwjzxLRlZ8DDNWyeV2FKGiu1iIX6PGwFAV82jos9GeGVD3mwzKTsWu6bTTSfLGDM4Cp7vbGQLAsf8XkDWsza6ytu7q+um1x79Ey8WzWUWIULFTotx8whL27C4egkVRvuG50gKohpNPq69TfC1bpWNRpyPfVrb6WGk51UyF0XBLQVzUmD89MmGyu7adgRFSvvU+wdhPj2MxhVeo+npF9l7jWORHcfK6Z8k/Ddb/pAccUlPodMgk5E+w5E9EN6A1GshLZ47ZJ3mfvxxYCrdXX3cdG/f4ewDaxwQ6yRx3aJMIQXZtOi3zCKtmTwWN63eDjN6fQsj4T8NPSyoBe/tsBLlKpvXELB6WJHmgRYxqGOIOyQ0gvrkQG3y18iHItbRpvx4udDkW7cwsmxkyWfWzd8cnws1TXSJ0Th9uRaB58LhlwaFi8Li6A3TGwDr3o+BlUTKYIJZlw2IbMTw/pgcgz++1HP9+HwB0U85BNp0F4HUd+nd4yG0X941mFEFBivzzL2XKz2Lr5PaXVSHDwr+INDEtz9woZF6ras9TOngzJa1yXdJ/NTMhAPbPig9lf04gDPWuK5rsPX8BAMR4koO0vFgGBd5VkWF80zvRR1qi2nQtl48q0A0xLV0WQFI/aRkyZPq+XSYHRPk/4+fqhQsFMX0ZGC8IlL4BxjxV/jw3jWxbnEa+48bl+KQWzVfg60+NqkzSmJGZIlUUV+ZcDKjxzBQzzGfboreucArvD/Fv0iaPAWU=
Content-Type: multipart/alternative; boundary="_000_AS4PR07MB8874494E83957A187EA0D5ED953D2AS4PR07MB8874eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AS4PR07MB8874.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 96e69375-0121-4a42-8b22-08dc53e2e0fa
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Apr 2024 13:35:08.1946 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: fVt1ex3eMHHhe7dLxwJIfr+UWTe23INRlMrS8Oxb+K7Q3x3/tLMWdQa3XnnDj5amwYszKDoQTifmLOxhuf6Z0ioy8rbM84QYIlF9A50L/iY=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR07MB8122
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/mEzDzcRH1KyHVRyhJiM36qUQJDE>
Subject: Re: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part testing
X-BeenThere: tsvwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Transport Area Working Group <tsvwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsvwg/>
List-Post: <mailto:tsvwg@ietf.org>
List-Help: <mailto:tsvwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsvwg>, <mailto:tsvwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2024 13:35:17 -0000

Hi Michael,

I can’t answer this question fully. It is highly dependent on how one does the implements and what is included in OpenSSL. I would expect that there are possibilities just change (if necessary) OpenSSL to export the key material from a particular DTLS connection so that they can be applied to the DTLS chunk. Then implement the IPR covered functionality in a separate library the part that uses OpenSSL to create new DTLS connections for rekeying and transmitt the related DTLS messages to the peer and process received one using OpenSSL. However, we have not attempted this. I think you have to await the IPR becoming public to asses this possiblity yourself. If you expect OpenSSL to have all the capabilities to perform the full rekeying solution then my belief is that this can’t be done without infringing the IPR.

Cheers

Magnus


From: Michael Tuexen <michael.tuexen@lurchi.franken.de>
Date: Tuesday, 26 March 2024 at 15:44
To: Claudio Porfiri <claudio.porfiri=40ericsson.com@dmarc.ietf.org>
Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>, tsvwg IETF list <tsvwg@ietf.org>, Magnus Westerlund <magnus.westerlund@ericsson.com>
Subject: Re: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part testing
> On 26. Mar 2024, at 14:14, Claudio Porfiri <claudio.porfiri=40ericsson.com@dmarc.ietf.org> wrote:
>
> Hi Marcelo,
> Thanks for the information.
> I am not aware of an Ericsson proposal that requires changes in DTLS.
> The alternative A did need features in DTLS that are part of DTLS1.2 but never implemented by OpenSSL or others, the alternative B doesn't need any change in the DTLS stack.
Really? Aren't you assuming an SCTP userland stack? I don't see how a
an unmodified DTLS stack can be used in combination with an SCTP
kernel stack. Could you elaborate?

Best regards
Michael
>
> Best regards,
> Claudio.
>
> -----Original Message-----
> From: tsvwg <tsvwg-bounces@ietf.org> On Behalf Of Michael Tuexen
> Sent: Tuesday, March 26, 2024 2:06 PM
> To: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
> Cc: Magnus Westerlund <magnus.westerlund@ericsson.com>; tsvwg IETF list <tsvwg@ietf.org>
> Subject: Re: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part testing
>
>> On 22. Mar 2024, at 22:27, Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> wrote:
>>
>> Hi,
>>
>> On Mon, Mar 18, 2024 at 12:08:10PM +0100, Michael Tuexen wrote:
>>>> On 18. Mar 2024, at 08:58, Magnus Westerlund <magnus.westerlund@ericsson.com> wrote:
>>>>
>>>> Thanks Michael,
>>>> I think your answer below makes it clear that it is possible to get DTLS chunk parties implemented in an open source operating system. I do understand the personal angle. I hope when the patent application becomes public before June the WG members will
>>> Please understand what is formally possible might be different from what people
>>> feel comfortable with. I think that the reservation I expressed is shared by
>>> Marcelo, who is one of the Linux maintainers.
>>
>> Exactly, Michael. Magnus, please consider that Linux (and FreeBSD) are
>> Open Source software, which are known to dislike licensed code for
>> many reasons. Even though the suggestion could fit technically, what
>> it essentially does is (with my upstream maintainer hat on) give me/us
>> maintainers more work, to maintain this additional code, that only
>> those willing to pay you can use. So thanks but no, I'm not interested
>> in finding hacky ways to (partially?) test code that the majority of
>> the users cannot benefit from.
>>
>> I hope that the WG realizes the problem that this represents before it
>> is too late, otherwise we may never support DTLS over SCTP in the
>> Linux kernel.
> Dear all,
>
> Martin asked at the TSVWG@IETF119 meeting what the position of the OpenSSL
> project is on having IPR protected code in their code base.
>
> I contacted Matt Caswell and got the following response:
>
> The OpenSSL contains:
>
>   3. Grant of Patent License. Subject to the terms and conditions of
>      this License, each Contributor hereby grants to You a perpetual,
>      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
>      (except as stated in this section) patent license to make, have made,
>      use, offer to sell, sell, import, and otherwise transfer the Work,
>      where such license applies only to those patent claims licensable
>      by such Contributor that are necessarily infringed by their
>      Contribution(s) alone or by combination of their Contribution(s)
>      with the Work to which such Contribution(s) was submitted. If You
>      institute patent litigation against any entity (including a
>      cross-claim or counterclaim in a lawsuit) alleging that the Work
>      or a Contribution incorporated within the Work constitutes direct
>      or contributory patent infringement, then any patent licenses
>      granted to You under this License for that Work shall terminate
>      as of the date such litigation is filed.
>
> and someone contributing the the code base must sign a CLA which contains:
>
> 3. Grant of Patent License. Subject to the terms and conditions of this Agreement, You hereby grant to the Foundation and to recipients of software distributed by the Foundation a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by You that are necessarily infringed by Your Contribution(s) alone or by combination of Your Contribution(s) with the Work to which such Contribution(s) was submitted. If any entity institutes patent litigation against You or any other entity (including a cross-claim or counterclaim in a lawsuit) alleging that your Contribution, or the Work to which you have contributed, constitutes direct or contributory patent infringement, then any patent licenses granted to that entity under this Agreement for that Contribution or Work shall terminate as of the date such litigation is filed.
>
> Therefore, the are two scenarios to distinguish:
>
> 1. People from Ericsson will contribute the change to the OpenSSL project.
> 2. People not from Ericsson will contribute code changes to the OpenSSL project.
>
> The first case is simple: Then it is simple, since they grant the patent license.
> However, based on the communication up to now, I don't think this is the plan
> of the people affiliated with Ericsson and participating in the discussion
> right now. Magnus, please correct me, if I'm wrong. I also formulates it in a
> way that you don't have to speak for all of Ericsson, which might be hard.
>
> The second case is what seems to be more realistic. At least Hannes wanted to
> work on OpenSSL and I would look at that implementation also. However, before
> it would be accepted by the OpenSSL team, they need to think about an exception
> and they must basically be convinced they they have the patent licenses they
> need. I guess, based on the statements of the people from Ericsson in the discussion,
> that such a license would not be granted.
> From a contributor point of view, I would not even start spending cycles on an
> implementation, when I would expect that it can not be accepted by the OpenSSL
> team. My guess is that, for example, Hannes shares the same view.
>
> @Magnus: Again, please correct me if I stated anything in relation of Ericsson
> incorrectly. The above statement is intended to be based on facts.
> Finally a discalimer: I'm not a lawyer...
>
> Best regards
> Michael
>>
>> Best regards,
>> Marcelo
>>
>>>
>>> Best regards
>>> Michael
>>>> be able to analyze what the claimed IPR covers and what can be done without requiring any licensing and when such is needed in relation to different use cases where DTLS in SCTP would be useful security mechanism.  Cheers
>>>> Magnus
>>>> From: Michael Tuexen <michael.tuexen@lurchi.franken.de>
>>>> Date: Monday, 18 March 2024 at 17:18
>>>> To: Magnus Westerlund <magnus.westerlund@ericsson.com>
>>>> Cc: tsvwg IETF list <tsvwg@ietf.org>
>>>> Subject: Re: [tsvwg] DTLS for SCTP: DTLS Chunk kernel part testing
>>>>> On 18. Mar 2024, at 00:04, Magnus Westerlund <magnus.westerlund=40ericsson.com@dmarc.ietf.org> wrote:
>>>>>
>>>>> Hi,
>>>>> In the design team we have discussion around barriers to implement DTLS Chunk (https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-westerlund-tsvwg-sctp-dtls-chunk%2F&data=05%7C02%7Cmagnus.westerlund%40ericsson.com%7C3b0f43d823504a50f75808dc4da33620%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638470610593998367%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=SOoivhr9NZYEAmDwgR2QY7WRPqSXnMvTK7x7YQOryiQ%3D&reserved=0<https://datatracker.ietf.org/doc/draft-westerlund-tsvwg-sctp-dtls-chunk/>) as part of SCTP stacks that are in open source OS kernels. The discussion in the design team indicated that they could implement and release the functionality described in the above draft. What was raised as an issue was the testing of this code using the API that would exist to the upper layer implementation that would implement the DTLS handshakes and rekeying per: https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-westerlund-tsvwg-sctp-dtls-handshake%2F&data=05%7C02%7Cmagnus.westerlund%40ericsson.com%7C3b0f43d823504a50f75808dc4da33620%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638470610594009542%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=wua0YnAD9sWSx2I6r5Cl50dzfPSwbk8hB3aSg15GVMs%3D&reserved=0<https://datatracker.ietf.org/doc/draft-westerlund-tsvwg-sctp-dtls-handshake/>.
>>>>> Is there any reason why one cannot actually write code to test this API without implementing almost any of draft-westerlund-tsvwg-sctp-dtls-handshake? I would think the goal of the kernel parts is to show that the lower layer and its API works and can
>>>> Hi Magnus,
>>>>
>>>> this is my personal opinion with respect to implementing this in FreeBSD.
>>>> Of course, one can do what you suggest. When I would implement it, most
>>>> likely I would add support for it in packetdrill to do some functional
>>>> testing. I guess some fuzz testing with tools like syzkaller would also
>>>> be done.
>>>> But when I'm implementing something (functionality in the kernel and
>>>> an API for it) which has mainly one use case, I would really prefer to
>>>> be able to test this in this use case. This is my personal preference
>>>> and nothing requires me to do this testing. But not testing it seem
>>>> sub-optimal to me.
>>>>
>>>> Best regards
>>>> Michael
>>>>> be used by a higher layer application on top of the SCTP stack. In a test application one could use hard coded keys and have multiple sets  to test rekeying and not run DTLS handshakes at all between the endpoints.
>>>>> Cheers
>>>>> Magnus
>>>
>>>
>

v2.23.0 | Report a Bug | By Email